MacBook – Securely remove personal information, without reinstall on Yosemite

Scenario:

I have a work-provided MacBook on Yosemite that I've used for 2 years. All company files are stored in cloud drives, and all company programs are similarly cloud based.

The company does not wipe machines before re-assignment. That is their decision and I will comply by not reformatting.

I will be leaving the company and would like to remove any of my sensitive personal data from the machine.

(I've searched other questions which are either out of date or point to complete reformat. This is not an option. This question is the most analogous, but is for a different operating system version and is almost 2 years old. The upvoted answer references FileVault, which I don't think covers the personal data areas I am concerned with.)

I will follow the above mentioned question and complete these steps:

  1. Move out all important data
  2. Delete my old account (and entire home directory)
  3. Create a new account for the new owner
  4. Delete unused space in Disk Utility
  5. Delete Spotlight index
  6. Delete /var/db/locate.db

I will also follow the deauthorization steps mentioned in this answer.

However, I am concerned about other areas of data (like Dropbox settings, synced drives, saved Wi-Fi/network information, saved network computers, keychains, saved cellphone MAC address from Adobe Edge Inspect, etc.) that might be stored elsewhere.

My question:

What additional areas of the machine should I be sure to clear, and how can I do so?

Also, is there an Apple-updated guide for this sort of thing, that might stay relevant when AskDifferent questions fall out of usefulness?

Best Answer

You are on the right track. With modern storage, the value of secure wipe is so little, I prefer to just write files over the free space.

  1. Make a new account - do this before deleting yours.
  2. Download Rick Astley movies to the new user until space fills.
  3. Delete your user account - choose to delete the files
  4. Perform "paranoid" log cleaning and purging of system keychain items you feel are personal
  5. Use Disk Utility to securely wipe free space. (Optional)
  6. Continue to download videos and then hand in the Mac as ordered.

If you need help with http://brew.sh to download Rick Astley, please (pretty please) ask that and I'm sure someone can provide a nice script to get some youtube-dl going and then copy the files again and again to fill up space nicely.

Spotlight won't contain anything at that point you care about. If you are paranoid:

sudo periodic daily weekly monthly
sudo rm /var/vm/*

Inspect the /var/log folder and srm or truncate / delete everything you find.

An alternate method would be to use Time Machine to only back up the files you choose to restore and not mess with filling space. For every file you wish to check:

tmutil isexcluded /path/to/SystemKeychain.key

You can build up exclusions to your satisfaction and then make one backup once you've normally deleted all private files that are not excluded by rule. Then you're free to wipe everything / fill up everything and then install a totally clean OS and use the migration assistant to migrate back just the company files that you've backed up.

Unless you're going to do this multiple times, it's probably not a big difference in the amount of effort it would require you to implement either of these choices. Pick the strategy that makes more sense to you.
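
The fill-by-copying step from the answer above, written out as a POSIX shell function. This is an added example, not part of the original answer; `fill_free_space`, `free_kb`, the `filler.N` file names and the free-space floor are assumptions made here.

```shell
#!/bin/sh
# Added example: fill free space by copying one seed file again and again.
# fill_free_space, free_kb and the filler.N names are hypothetical.

# Available space, in KiB, on the volume that holds directory $1.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# fill_free_space SEED DEST_DIR MIN_FREE_KB [MAX_COPIES]
# Copies SEED into DEST_DIR until one more copy would leave less than
# MIN_FREE_KB available, or MAX_COPIES copies exist (0 = no limit).
# Prints the number of copies written.
fill_free_space() {
    seed=$1; dest=$2; min_free_kb=$3; max_copies=${4:-0}
    if [ ! -f "$seed" ] || [ ! -d "$dest" ]; then
        echo "usage: fill_free_space SEED DEST_DIR MIN_FREE_KB [MAX_COPIES]" >&2
        return 2
    fi
    bytes=$(wc -c < "$seed")
    seed_kb=$(( (bytes + 1023) / 1024 ))   # round the seed size up to KiB
    n=0
    while :; do
        if [ "$max_copies" -gt 0 ] && [ "$n" -ge "$max_copies" ]; then
            break
        fi
        avail=$(free_kb "$dest")
        # Stop before the floor is crossed so the system stays usable.
        if [ $((avail - seed_kb)) -lt "$min_free_kb" ]; then
            break
        fi
        # A failed copy (something else filled the disk) may leave a
        # partial file; it still occupies space, so keep it and stop.
        cp "$seed" "$dest/filler.$n" || break
        n=$((n + 1))
    done
    echo "$n"
}
```

For example, `fill_free_space ~/Movies/seed.mp4 ~/Movies/fill 1048576` stops while about 1 GiB is still free; removing the `filler.*` files afterwards returns the space.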